<?php 
session_start(); 
?>

<?php
include('connect.php');

$userEmail = $_POST['email'];
$salt = "x57*7/a/CC";
$password = md5($_POST["password"].$salt);
$anfrage = "SELECT Password FROM tblusers WHERE Email LIKE '$userEmail' LIMIT 1";
$ergebnis = mysql_query($anfrage);
$passwordDB = mysql_result($ergebnis, 0);

if($passwordDB === $password) {
	$anfrage = "SELECT ID FROM tblusers WHERE Email LIKE '$userEmail' Limit 1";
	$ergebnis = mysql_query($anfrage);
	$id = mysql_result($ergebnis, 0);
	
	// Benutzer als online registrieren
	$sql = mysql_query("UPDATE tblusers SET Online = '1' WHERE Email LIKE '$userEmail'");
	
	// Zeitpunkt des Einloggens speichern
	$sql = mysql_query("UPDATE tblusers SET Timestamp = NOW() WHERE Email LIKE '$userEmail'");
	
	$_SESSION['SessionID'] = $id;
	$_SESSION['loginFailed'] = 0;
    session_write_close();
	header("Location: profile.php");
	exit();
} else {
	$_SESSION['loginFailed'] = 1;
	session_write_close();
	header("Location: index.php");
	exit();
}

?>